https://bugs.webkit.org/show_bug.cgi?id=24731
And
rdar://problem/5015961

Implements support for DHTML drag-and-drop operations (i.e. ondragstart, ondragend)
in the Windows build so that it conforms to the Mac OS X build. Hence, dropEffect is
correctly set.

The WebView and WebDropSource drag-and-drop functions, as called by function
DoDragDrop in its event loop, neither used the drop effect as specified by
event.dataTransfer.dropEffect nor respected event.dataTransfer.effectsAllowed.
Instead, these functions defaulted to some hardcoded drop effect and set of
allowed drop effects, respectively.

Fixes an issue in which injecting an inline event handler whose value ends in a single-line
JavaScript comment can bypass the XSSAuditor. Similarly fixes this issue with respect to
the HTML Base element, HTML Object element, inline and external script tags, and
JavaScript multi-line variants of all of these attacks.

Transitions fail to run sometimes
https://bugs.webkit.org/show_bug.cgi?id=26770

Fix an issue where we could attempt to start accelerated animations or transitions on
GraphicsLayers that were not rooted (because of visibility:hidden), which would leave
the AnimationController's m_waitingForResponse flag in a state that killed subsequent
software transitions.

* platform/graphics/GraphicsLayer.h:
* platform/graphics/GraphicsLayer.cpp:
(WebCore::GraphicsLayer::hasAncestor):
New method to report whether the receiver has the given layer as an ancestor. Used for checking
whether a layer is rooted.

* platform/graphics/gtk/MediaPlayerPrivateGStreamer.cpp:
(WebCore::MediaPlayerPrivate::duration):
Check if caps are valid before parsing them in ::naturalSize().
This prevents assertions if the natural size should be calculated
before the video caps are negotiated.

[XSSAuditor] Add an exception for local files
https://bugs.webkit.org/show_bug.cgi?id=30352

Reduce XSS auditor false positives by always letting pages load scripts
from their own host. We don't actually know of any false positives
that this prevents, but it seems like a good idea.

One subtlety is that we don't add this exception for scripts that have a
query string because (1) URLs with query strings are more apt to
confuse servers and (2) it is much less common to load scripts with a
query string.
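
The exemption rule described in the commit message above, as an added sketch that is not WebKit's XSSAuditor code. The function names and all URLs are constructed for illustration, and the same-scheme check is an assumption of this example beyond the "own host" wording.

```javascript
// Added sketch of the rule in the commit message; not WebKit's XSSAuditor code.
// isExemptScript, auditPlan and all URLs below are constructed for illustration.
function isExemptScript(pageUrl, scriptSrc) {
  let page, script;
  try {
    page = new URL(pageUrl);
    script = new URL(scriptSrc, page); // resolve a relative src against the page
  } catch (e) {
    return false; // unparseable: no exemption, the script is still audited
  }
  // The message says "own host". Requiring the same scheme as well is this
  // sketch's assumption; it keeps data: URLs (empty host) from matching a
  // page that also has an empty host.
  if (script.protocol !== page.protocol) return false;
  if (script.hostname !== page.hostname) return false;
  // No exemption when the script URL carries a query string.
  if (script.search !== '') return false;
  return true;
}

// Constructed cases: [script src, expected exemption] for one page.
const PAGE = 'http://shop.example/cart?item=1';
const CASES = [
  ['/static/app.js', true],                        // relative, same host
  ['http://shop.example/lib/ui.js#v2', true],      // fragment is not a query
  ['/static/app.js?cb=123', false],                // same host, but has a query
  ['http://cdn.example/app.js', false],            // different host
  ['//shop.example.other.example/app.js', false],  // look-alike host prefix
  ['data:text/javascript,0', false],               // no host at all
];

// Map each src to the decision the auditor would take under this rule.
function auditPlan(pageUrl, cases) {
  return cases.map(([src]) => ({
    src,
    decision: isExemptScript(pageUrl, src) ? 'skip audit' : 'audit',
  }));
}

console.log(auditPlan(PAGE, CASES));
```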

Remove virtual contextElement() function from all SVG*Element classes, as all animated properties live in the
SVG*Element classes now instead of the SVGFitToViewBox / SVGURIReference / SVGExternalResourcesRequired
subclasses. This is a first step to working animVal support. More patches will follow that depend on this change.

Remove "This file is part of the KDE project" from several files, change my old mail address wildfox -> zimmermann,
and remove vim modelines on all files I touched. No change in functionality, thus no new tests.

SVGMaskElement moves the mask image graphics context to the wrong location.
In objectBoundingBoxMode the maskDestRect gets translated. This transformation
is not used in the later calculation. Fix by consistently calculating the translation
offsets from the final mask destination rect.

- Only cache the data when we start to use it.
- Start with a repetition count of none for normal images.
- Do not use canRead as this will trigger parsing of the full image
- Cope with a GIF failing to decode the first frame, do not
set m_failed to true if decoding the first frame failed
- Inform the QImageReader about the format that was detected
- Always create an ImageDecoderQt when we have more
than four bytes.